php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70989 Segfault in gnupg_import()
Submitted: 2015-11-28 12:51 UTC Modified: 2016-03-04 18:17 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: spinkus at epicmorsel dot com Assigned: jimjag (profile)
Status: Closed Package: gnupg (PECL)
PHP Version: 5.6.16 OS: Linux
Private report: No CVE-ID: None
 [2015-11-28 12:51 UTC] spinkus at epicmorsel dot com
Description:
------------
---
PHP 5.6.15 (cli) (built: Nov 26 2015 19:35:00)
Also with PHP 5.4.45-0+deb7u2.1 (cli) (built: Nov 27 2015 15:32:29) 

---
<?php
ini_set('display_errors', E_ALL | E_NOTICE | E_STRICT );
$gpg = gnupg_init();
gnupg_seterrormode($gpg, gnupg::ERROR_EXCEPTION);
$info = gnupg_import($gpg, "");

---
[PHP Modules]
Core
ctype
date
dom
ereg
fileinfo
filter
gnupg
hash
iconv
json
libxml
pcre
PDO
pdo_sqlite
Phar
posix
pthreads
Reflection
session
SimpleXML
SPL
sqlite3
standard
tokenizer
xml
xmlreader
xmlwriter

[Zend Modules]

---
Custom build with ZTS enabled. Thats it.

---
(gdb) backtrace 
#0  0x00007fda99d0991b in zif_gnupg_import (ht=2, return_value=0x7fda9be382e8, return_value_ptr=<optimized out>, this_ptr=<optimized out>, 
    return_value_used=<optimized out>, tsrm_ls=<optimized out>) at /home/sam/local/tmp/pear/temp/gnupg/gnupg.c:1395
#1  0x00000000007bb4fa in zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>, tsrm_ls=0xf15380)
    at /home/sam/src/php-5.6.15/Zend/zend_vm_execute.h:558
#2  0x000000000077ae0b in execute_ex (execute_data=0x7fda9be04230, tsrm_ls=0xf15380) at /home/sam/src/php-5.6.15/Zend/zend_vm_execute.h:363
#3  0x000000000070a54c in zend_execute_scripts (type=type@entry=8, tsrm_ls=tsrm_ls@entry=0xf15380, retval=retval@entry=0x0, 
    file_count=file_count@entry=3) at /home/sam/src/php-5.6.15/Zend/zend.c:1341
#4  0x000000000069958a in php_execute_script (primary_file=primary_file@entry=0x7ffe48bca830, tsrm_ls=0xf15380, tsrm_ls@entry=0x7ffe48bca718)
    at /home/sam/src/php-5.6.15/main/main.c:2597
#5  0x00000000007beff8 in do_cli (argc=2, argv=0xf152a0, tsrm_ls=0x7ffe48bca718) at /home/sam/src/php-5.6.15/sapi/cli/php_cli.c:994
#6  0x000000000042c2e4 in main (argc=2, argv=0xf152a0) at /home/sam/src/php-5.6.15/sapi/cli/php_cli.c:1378
(gdb) quit


Test script:
---------------
<?php
ini_set('display_errors', E_ALL | E_NOTICE | E_STRICT );
$gpg = gnupg_init();
gnupg_seterrormode($gpg, gnupg::ERROR_EXCEPTION);
$info = gnupg_import($gpg, "");


Expected result:
----------------
Not Segfault


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-01-25 14:29 UTC] stratmann at gmx dot de
This also happens if the input (second parameter) in fact contains data, but the data is not a valid (e.g. broken) PGP key.
 [2016-03-04 18:17 UTC] jimjag@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: jimjag
 [2016-03-04 18:17 UTC] jimjag@php.net
fixed. Will be 1.3.7
 [2016-06-15 09:42 UTC] spankme at emailspanker dot com
Where can I find the fixed version (1.3.7)?
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Aug 23 05:01:27 2019 UTC